Announcement

Collapse
No announcement yet.

CVE-2017-9445: systemd Hit By New Security Vulnerability

Collapse
X
Collapse
 
  • Page of 9
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 4 5 6 7 9 template Next
  • #31
    Originally posted by caligula View Post

    Perhaps, but it is still not as widely used. It seems the matter of bounds checking is still problematic in C: https://en.wikipedia.org/wiki/C11_(C...ion)#Criticism
    Have you just opened a random wikipedia page, Ctrl+F'd "criticism" and copy paste it over the forum?
    • Likes 1

    Comment

    • #32
      Originally posted by caligula View Post
      Many types of bugs could have been eliminated years before Rust was here. Even Pascal has better type safety than C. Java has had bounds checking since its birth. Ada is pretty safe. Dependent typing can perform miracles, not only with bounds checking and format strings. Too bad the mainstream programmers disagree with decades of language research.
      Languages that uses a VM or doesn't interface well with C does not work for these kinds of things though. Rust does and most of systemd is new enough so there is no excuse for delivering software this broken.

      Originally posted by Vistaus View Post
      So? Reducing the attack marginally is still better than current.
      The thing is, it's not even marginally. It's drastically better. Nearly all security bugs is due to bad languages and/or bad frameworks.

      pal666 Not sure if a troll or just extremely ignorant but non the less you still make a lot of dump posts.
      1. Just because there exists better tools does not mean all backwards compatibility is gone.
      2. Attacking people for writing on a forum by writing on a forum is... well... yeah...
      3. I do write my software in either Rust, Elm or TypeScript with strictNullChecks.
      • Likes 2

      Comment

      • #33
        CVE: Moronix hit by stupid troll article. Recommended solution: delete; stupidity can spread to other sites.
        • Likes 3

        Comment

        • #34
          Originally posted by L_A_G View Post
          Classic systemd fanboy response to a CVE concerning it. 1/10
          Classic systemd hater response to people actually stating the truth isn't anywhere as bad as the clickbait might have implied.

          • Likes 4

          Comment

          • #35
            FFS, it's not clickbait, unless you want to assume that Michael is evil. systemd-resolved may not be what most people think of when they hear systemd, but it's still got systemd in the name and it's still part of that umbrella. Even if Michael had explicitly stated systemd-resolved was the culprit, it wouldn't change much. People would still click on the article, systemd fans/haters would still crawl out of the woodwork, and uid313 would still campaign for the entire Linux ecosystem to be rewritten in Rust.
            • Likes 2

            Comment

            • #36
              Cool, this is why systemd-resolved is still not recommended on most systems. DNS resolvers are years of serious work.
              • Likes 1

              Comment

              • #37
                Originally posted by L_A_G View Post

                Classic systemd fanboy response to a CVE concerning it. 1/10
                Aaaaaand you got baited. I'm anything but a systemd fanboy. I don't like systemd, but I can live with it. Sad to see you couldn't read my comment as innocent as it was. How will this end? ...
                Last edited by sdack; 28 June 2017, 02:40 PM.

                Comment

                • #38
                  Originally posted by DanL View Post
                  FFS, it's not clickbait, unless you want to assume that Michael is evil. systemd-resolved may not be what most people think of when they hear systemd, but it's still got systemd in the name and it's still part of that umbrella. Even if Michael had explicitly stated systemd-resolved was the culprit, it wouldn't change much.
                  Try to guess what title catches more clicks:
                  1. CVE-2017-9445: systemd Hit By New Security Vulnerability
                  2. CVE-2017-9445: systemd-resolved, which is not recommended on most systems and isn't used outside of Ubuntu Hit By New Security Vulnerability

                  News sites live on clicks or views or whatever, their entire businness model revolves around click/viewbait. Hell, even more traditional press is the same.
                  • Likes 2

                  Comment

                  • #39
                    ^You're exaggerating.
                    CVE-2017-9445: systemd-resolved Hit By New Security Vulnerability
                    There's your headline and it still works the same way
                    • Likes 1

                    Comment

                    • #40
                      Originally posted by DanL View Post
                      ^You're exaggerating.
                      That's the actual news. I'm showing how the actual truth vs the clickbait is.
                      CVE-2017-9445: systemd-resolved Hit By New Security Vulnerability
                      There's your headline and it still works the same way
                      That would be what honest article-writers would place in the title, but y'know, that's already not "systemd", so it already loses most of its emotional impact. Who the fuck knows what systemd-resolved is and where it is used? This would prompt people to go digging and reading, and that's boring, not many do.

                      What most studies have shown to attract people is show stuff that has direct emotional impact, pushing people to educate themselves never worked and never will.

                      • Likes 2

                      Comment

                      Previous 1 2 3 4 5 6 7 9 template Next
                      Working...
                      X